Content

OpenSSL update creates new critical flaw

The OpenSSL Project released a critical patch for a new flaw created as a result of an update to the cryptography library.

OpenSSL announced an update last week that fixed 14 flaws. However, a patch for a memory corruption flaw (CVE-2016-6307) in the open-source library created a dangling pointer flaw (CVE-2016-6309).

OpenSSL released a patch for the new flaw on Monday. The critical vulnerability was disclosed by Google ‎information security engineer Robert Święcki.

“The patch applied to address CVE-2016-6307 resulted in an issue where if a message larger than approx 16k is received then the underlying buffer to store the incoming message is reallocated and moved,” the security advisory stated. “Unfortunately a dangling pointer to the old location is left which results in an attempt to write to the previously freed location.”

A recent report highlighted the difficulties faced by enterprises patching open source software and noted a rising number of attacks that were the result of software vendors being slow to update open source components in commercial software.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.